
1982 matches found

CVE
added 2006/06/07 12:0 a.m. · 205 views

CVE-2006-2878

CVE-2006-2878 affects DokuWiki (spellcheck.php) where unsanitized PHP code can be injected through the PHP/complex curly syntax in a preg_replace with the /e modifier. A remote unauthenticated attacker could execute arbitrary PHP commands on the webserver running DokuWiki, as described in multipl...

7.5 CVSS · 7.2 AI score · 0.04385 EPSS
Exploits 1 · References 12 · Affected Software 1
Debian CVE
added 2006/06/07 12:0 a.m. · 12 views

CVE-2006-2878

The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e executable modifier...

7.5 CVSS · 7.2 AI score · 0.04385 EPSS
Exploits 1
Positive Technologies
added 2006/06/06 12:0 a.m. · 3 views

PT-2006-3760 · Squirrelmail +1

Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.6 and earlier. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter, under specific conditions where register_globals is enabled and magic_quotes_gpc is...

7.5 CVSS · 8 AI score · 0.0164 EPSS
Exploits 2 · References 26
exploitpack
added 2006/06/05 12:0 a.m. · 20 views

Bookmark4U 2.0 - incdbase.php?env[include_prefix] Remote File Inclusion

Bookmark4U 2.0 - incdbase.php?env[include_prefix] Remote File Inclusion. Source: https://www.securityfocus.com/bid/18281/info Bookmark4U is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...

0.1 AI score
Exploits 0
Cvelist
added 2006/06/02 1:0 a.m. · 15 views

CVE-2006-2762

PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a userinc setting that is used in an...

7.2 AI score · 0.0103 EPSS
Exploits 0 · References 10
myhack58
added 2006/05/27 12:0 a.m. · 10 views

ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net

Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Data: 2006-04-27 Simple analysis The vulnerability is another one of preg_replace+/e vulnerability; the code is in \sources\actionadmin\search.php line 1 2 5 8-1 2 6 a 2: if $this-ipsclass-input'lastdate' $this-outp...

0.9 AI score
Exploits 0
CVE
added 2006/05/25 10:0 a.m. · 43 views

CVE-2006-2592

The CVE-2006-2592 entry concerns DSChat 1.0, where a vulnerability in the Nickname field allows remote attackers to execute arbitrary PHP code because the field is not sanitized before creating a file in a user directory. The public record includes a CVSS v2 base score of 7.5 (HIGH) with Network ...

7.5 CVSS · 7.3 AI score · 0.00741 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2006/05/24 11:0 p.m. · 12 views

CVE-2006-2578

admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the pathtoconfig parameter...

7.5 AI score · 0.00741 EPSS
Exploits 0 · References 4
Prion
added 2006/05/12 12:2 a.m. · 14 views

Code injection

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

6.5 CVSS · 7.9 AI score · 0.0137 EPSS
Exploits 1 · References 4 · Affected Software 1
Prion
added 2006/05/12 12:2 a.m. · 10 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749...

5.1 CVSS · 7.8 AI score · 0.11505 EPSS
Exploits 1 · References 10 · Affected Software 1
EUVD
added 2006/05/12 12:0 a.m. · 1 views

EUVD-2006-2331

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...

6.4 CVSS · 6.7 AI score · 0.11474 EPSS
Exploits 1 · References 8
Cvelist
added 2006/05/12 12:0 a.m. · 17 views

CVE-2006-2323

Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749...

7.5 AI score · 0.11505 EPSS
Exploits 0 · References 10
securityvulns
added 2006/05/11 12:0 a.m. · 22 views

Hackmaster Group DMCounter Remote File Include

Script: DMCounter Version: 0.9.2-b Language: PHP Problem: Remote File Include Vendor: http://Www.HackMaster.Us Discovered by: C-W-Mathackmasterdotus Description ============= Statistics software based on PHP which does not require any database support but just uses flat files. Daily + monthly...

1.2 AI score
Exploits 0
Prion
added 2006/05/10 2:14 a.m. · 12 views

Design/Logic Flaw

X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...

7.5 CVSS · 8.2 AI score · 0.01494 EPSS
Exploits 1 · References 7 · Affected Software 1
Prion
added 2006/05/09 10:2 a.m. · 15 views

Remote file inclusion

PHP remote file inclusion vulnerability in auction\auctioncommon.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

6.8 CVSS · 7.8 AI score · 0.09473 EPSS
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2006/05/09 10:0 a.m. · 21 views

CVE-2006-2261

PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

7.5 AI score · 0.16413 EPSS
Exploits 1 · References 6
Exploit DB
added 2006/04/28 12:0 a.m. · 24 views

CoolMenus 4.0 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

7.4 AI score
Exploits 0
Exploit DB
added 2006/04/28 12:0 a.m. · 21 views

I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

7.4 AI score
Exploits 0
NVD
added 2006/04/25 12:50 p.m. · 11 views

CVE-2006-2005

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

7.5 CVSS · 8 AI score · 0.10615 EPSS
Exploits 1 · References 7
Cvelist
added 2006/04/25 10:0 a.m. · 11 views

CVE-2006-2002

PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirbase parameter...

7.5 AI score · 0.1528 EPSS
Exploits 1 · References 7